More than 30 years ago James Cameron’s Terminator showed us a future wherein unstoppable machines have taken over the world with ruthless efficiency. While they haven’t quite managed the terrifying robotic menace of Schwarzenegger’s titular character, the machines managed to rise up and ruin the internet for several days last week. Regardless of how you use the internet, you were more than likely affected by the massive outage caused by a distributed denial of service (DDoS) attack on domain name system (DNS) provider Dyn, which in turn disrupted access to numerous worldwide internet services like Twitter, Spotify and Sony’s video gaming service, as well as impacting thousands of other businesses who rely on Dyn’s infrastructure. Up until most recently, attacks like these were perpetrated by swarms of malware-controlled computers known as botnets. This time around, the massive DDoS attack was led by a vast swarm of internet-enabled security devices, mostly webcams, DVRs and NVRs. These devices are part of the growing “internet of things” (IoT), and the scale of the attack enabled by only a fraction of the IoT has many in the industry (including yours truly) very concerned.
What this means for you:
The rise of cheap, easy-to-install webcams and NVRs has led to their proliferation throughout the business and residential world. The malware used in Friday’s attack was designed to target flawed firmware from a Chinese manufacturer that is used widely in this class of device – so widely that the firm has actually issued a recall of some devices sold in the US, where the majority of the attacks were focused. It’s unclear how many undiscovered or undisclosed devices are also impacted by this particular malware variant, or how many other dormant weaknesses lie in wait, either already discovered and held close, or just waiting for that next inquisitive hacker to discover and then exploit. Even now, after years of loopholes, exploits and quality control issues discovered in major brands (the Galaxy Note 7 is only one recent example), manufacturers continue to race to the bottom in costs, often cutting corners that make their devices insecure and even dangerous. Mass manufacturing and distributed design enable companies to produce and sell tens of thousands of devices around the world, but they could also result in the rapid, widespread distribution of sleeping terminators, just waiting to rise up against their owners at their master’s command.
Image courtesy of Geerati at FreeDigitalPhotos.net
It’s one of the oldest cons in the book: convincing a mark that they’re sick and then selling them a handy cure for the low, low price of “You just got ripped off.” Despite this sort of scam being perpetrated on the internet for years now, it’s still bamboozling lots of people, according to a recent court case brought by the FTC against a US-based company that has tricked computer users into purchasing millions in fake technical support to “fix” their computers. The scammers find their “marks” via fake pop-ups warning users that their computers are infected or performing poorly and provide a prominent phone number to call to receive tech support from a “certified” Microsoft or Apple partner (which they most definitely are not). Once the victim calls, they are essentially tricked into believing they actually need support through carefully crafted application of legitimate tools and deceitful interpretation of events and warnings that are commonplace and not necessarily indicative of an actual problem. Once the scammers get your credit card or bank account info and get paid, they deliver the service in the form of tech support “theatrics”, which is more than likely just a script that looks impressive but doesn’t actually do anything, or might even damage your computer further. It’s also highly likely your payment info gets sold on the black market for additional profit.
Spread the word:
Clients of C2 Technology are typically savvy enough to spot this con a mile away, or at a minimum, have developed a healthy enough sense of skepticism to pick up the phone and call for a second opinion from someone they know and trust. It may not occur to you that, as a tech-savvy professional, you might actually be that trusted advisor for your family, friends and colleagues. Even if you don’t feel like a tech expert, you know enough to warn the people around you about these sorts of scams, and you definitely know an expert who is always willing to take their call. At minimum, you should foster a healthy skepticism in your more naive or gullible loved ones, especially the ones that always seem to fall for the most obvious scams. This isn’t just for their benefit; it serves you as well. The more people around you who stay safe, the less likely you are to get infected. Thanksgiving dinners are a lot more enjoyable when you don’t have a family-spread malware infection on the table.
Image courtesy of Stuart Miles at FreeDigitalPhotos.net
Just under a month ago, Samsung announced that it was recalling/replacing all Galaxy Note 7 phablets shipped prior to early September due to exploding batteries. Roughly two weeks later, news broke that Yahoo more than likely allowed US government agencies full access to the entire breadth of all email accounts hosted by Yahoo, while the fading tech giant was still reeling from a reported data breach and the pending sale to Verizon. Unfortunately both companies are back in the news this week and not for good reason. Samsung’s replacement Note 7s with the less explodey battery have – you guessed it – started exploding again, even putting a customer in the hospital. This incident and at least 2 other reports of flaming phones have prompted Samsung to halt production on the Note 7, and all major US carriers will no longer sell the device. Yahoo’s troubles continue as well: the now infamous email service has suspiciously dropped the forwarding function from its service, making it more difficult for people to move to another provider. When you combine this mysterious change with the lawsuit against Yahoo’s CEO Marissa Mayer, Yahoo is looking less like a technology leader and more like a troubled company struggling to survive.
What this means for you:
Companies of this size typically have enough resources to pick themselves up and shake off these types of events. Heck, breaches are so commonplace now that most of the time consumers just shrug and carry on. Despite various widespread problems with iPhones (Antenna-gate, Bend-gate, Touch Rot), Apple still manages to sell lots of units every year. While Samsung will undoubtedly take a huge reputation hit in the mobile market, the Korean megacorp itself is so broad that it’s hard to imagine the Note 7 sinking the entire company. If anything, the repeat failure just highlights the complex manufacturing chain that goes into producing our smartphones and will perhaps push Samsung and its competitors to look for safer, better battery solutions.
Yahoo is looking a lot less resilient than Samsung: it doesn’t have the broad product base to fall back on, and one might argue that its most valuable asset – the millions of people who still use Yahoo Mail – is in jeopardy at a time when the company can least afford it. Whether the disappearance of mail forwarding was ill-timed or carefully calculated, the long-term optics look worse than a smoking phablet. Last week’s news of Yahoo’s compromising relationship with US intelligence agencies should have been enough to encourage you to retire your Yahoo account, and their current strategy is not the Hail-Mary play they need to stay in the game.
The good ship Yahoo is still battling troubled waters on its journey to the safe harbor of a Verizon purchase. Reuters has just released a massive bombshell that may blockade if not outright scuttle the $4.8 billion deal: two former employees of the beleaguered media company have alleged that Yahoo complied with a classified directive from a government agency to directly surveil the millions of email accounts hosted by Yahoo in 2015. According to the Reuters sources, the decision to open Yahoo Mail’s kimono was made behind closed doors, excluding Yahoo’s then Chief Information Security Officer, who apparently resigned because of this incident.
Whiskey Tango Foxtrot, Yahoo?
Normally, I don’t urge folks to get out the pitchforks and torches, but on reading this I actually used language not normally heard in polite company. Thus far the government agencies named are declining comment. If the allegation proves accurate, I’d say Yahoo violated its customers’ Fourth Amendment rights and thoroughly trod upon any trust it might have had left with its still substantial customer base. Coupled with the recent massive breach they experienced in 2014 and the debacle that was their conversion to a new email platform in 2013, it’s no wonder Yahoo has gone from an Internet powerhouse to a second-tier media company up for sale. If you are still using Yahoo as a primary email provider for work, you should stop doing so immediately, not only for security issues that they can’t seem to get ahead of, but now for serious breaches of privacy and trust.
It’s every business owner’s worst nightmare: a dissatisfied customer takes to the internet and writes a scathing review on Yelp, possibly hurting new business or scaring away potential clients or even investors and vendors. Worse yet, the review itself may be fabricated, and unless the bad review breaks Yelp’s posting rules, there is typically very little the business owner can do except respond to the reviewer in the same forum. This may change now that a recent court case has found its way to the California Supreme Court. Prior to the appeal that landed it on the upper court’s docket, two lower-court judges ruled in favor of the plaintiff, who successfully sued to have a bad review removed from Yelp as defamatory.
What this means for you:
Before you hit the “Release the Lawyers!” speed dial on your phone, it may be worth waiting to see what the Supreme Court has to say on this. I have spoken with many folks who are sympathetic or even empathetic to the plaintiff’s side in this case. They feel helpless to counter what they see as spiteful and vengeful reviews on Yelp and other review sites, especially when there seems to be no recourse to address the customer or have dishonest or misleading posts removed or even reviewed for accuracy. As you can imagine, Yelp and several other Internet companies are watching this very closely. According to them, it could lead to a very chilling effect on crowd-sourced reviews, and if the hyperbole is to be believed, could even impact free speech. At minimum, we can hope it will lead to innovation, new thinking or a cultural shift that will add accountability to the type of free speech that the internet enables, and possibly even diminish the size of the “soap box” it grants to the more radical or dangerous fringes of the internet.
It’s taken many years, but it would seem that the US business world has finally agreed that throwing old technology straight into the trash is unsafe and bad for the environment. To capitalize on this, an entire cottage industry of electronic waste (e-waste) recycling companies has sprung up over the years as our rate of technology consumption increases. Unfortunately, though they may promise it in their marketing, an investigative study has found that as much as 40% of e-waste processed through these companies is actually illegally and improperly disposed of through shady overseas outfits that buy the e-waste for pennies on the pound, scavenge what precious metals they can, and then dump the rest in toxic landfills. Contrary to popular belief, e-waste recycling is costly to do properly, and not profitable at this time.
What this means for you:
While you should still feel good for not just throwing your e-waste into the trash, you may want to scrutinize the vendors or organizers of any e-waste events that you use, especially if they promise “secure disposal” of items that may contain data, like old hard drives or mobile devices. If the vendor in question isn’t handling the actual recycling of the materials it collects, it’s possible they are reselling the e-waste, to cover their costs (and maybe even make a small profit), to another firm that is definitely not “green” in any sense other than profiteering.
There are two types of e-waste certifications recognized by the EPA – “R2” and “e-Stewards” – both of which are administered by nongovernmental organizations, and despite the certification and oversight, both seem to have bad apples, though e-Stewards companies are held to stricter standards and appear to cheat less than their R2 or non-certified counterparts. While you can’t be expected to control or direct the morality of these companies or the certification process, your scrutiny and attention to this issue will hopefully lead to less hazardous waste being improperly disposed of in overseas landfills.
With as many as 70 reports of exploding batteries in the US alone, Samsung has officially announced that it is recalling all Galaxy Note 7 phones sold prior to, well, this week. In case you were considering ignoring the recall to continue using your shiny new phablet, know that even the US Consumer Product Safety Commission is recommending everyone stop using the device immediately. Still not convinced? Just do a search on YouTube for exploding batteries to gain a new understanding of just how Samsung’s “hot” new phone is really not one you want in your pocket or purse. While certain less savory media outlets may be sensationalizing Samsung’s flagship recall with lurid headlines, there are at least several lawsuits pending which allege grave bodily injury and extensive property damage.
What this means for you:
Make sure your important data is backed up somewhere other than the device, stop using your Note 7, and head to your nearest carrier service center/store. Know that in most cases, carrier personnel are being instructed by their leadership to not turn on the phone or assist customers in transferring data off the device (which they normally do). Expect your phone to go straight into a box, and if you’ve not retrieved your data, you will not see it again. Depending on your carrier, you will have options to replace the device with something else, get a loaner while you wait for a “safe” Note 7, or just get a full refund for your purchase. Here is Samsung’s official page on the “exchange” program. You should also know that Samsung plans to “nudge” Note 7 holdouts by sending an over-the-air update to lower the phone’s battery capacity to 60%, hoping to provide further incentive to reluctant Note 7 owners to turn in their phablets.
Even if you don’t own a Note 7, there are several valuable lessons that can be learned from the recall.
- Any mobile device that is too hot to touch, especially while being charged, is potentially very dangerous. Immediately unplug it, power it down (if you can do so safely/quickly), and set it away from any flammable materials until it cools down. Definitely replace the charger with a high quality charger – be careful of “booster” or “fast” chargers, especially cheap ones – even if they don’t explode your battery, you can do serious damage to your phone with repeated use if the amperage/voltage is not aligned with your device’s requirements.
- Make sure your important data is backed up and retrievable from another device that isn’t your phone. This includes contacts, emails, photos and text messages, as well as any other content you create exclusively on your phone. Both iOS and Android offer “native” cloud platforms that can help you store your phone data, and most major carriers have custom apps/plans that will cover you there too, but don’t assume these services are activated and working from the start. Most need to be set up, and depending on the amount of data that needs to be stored, may require additional payment to expand your cloud storage. Also, backing up data takes time, especially if your internet connection isn’t very fast.
- If you can’t live without your mobile device for more than a couple of hours, why not swap to your older phone for a while until Samsung can ship you a phone that has less potential to cause third-degree burns? At minimum, know how to check your phone voicemail from another number/device. This will allow you to answer all those concerned calls from friends and colleagues who know you are still walking around with Samsung’s “hottest” new phone.
Image courtesy of Stuart Miles at FreeDigitalPhotos.net
You know the general public is suffering from security fatigue when something as big as the Dropbox breach appears in the news and, almost as quickly, disappears. In case you blinked, online magazine Vice.com broke the news last week that a database recently surfaced which contains over 60 million Dropbox.com user accounts (email addresses) and hashed passwords. Almost immediately following this news, Dropbox itself issued an email warning to its users that it was resetting the passwords of users who might have been impacted by a 2012 breach. Breach notification site HaveIBeenPwned.com also corroborated the reports that the account information found in the database does contain valid usernames and hashed passwords.
What this means for you:
Even though breach data may be years old, it can still be valuable, especially if the passwords are stored with weak, easy-to-crack hashing. In the case of the Dropbox breach, approximately half of the passwords are strongly hashed and unlikely to be cracked, and the other half are stored with a slightly weaker, but still formidable, hashing method. As proof of their continued value, many databases from breaches as far back as 2012 and earlier are still actively traded and sold on the digital black market, and as technology continues to advance, you can bet that even strongly hashed databases will eventually be cracked. If your account and password only showed up in the Dropbox.com breach, you could consider your password relatively safe for now (change it anyway!). But if you used the same password elsewhere, and that account was exposed in another breach – like the LinkedIn.com breach that happened in the same year – your security is considerably more compromised. Multiply that exposure for every other breach you were a part of where you reused that password, and we can’t even account for the breaches that haven’t yet been publicized!
Long story short: check HaveIBeenPwned.com, change your passwords, and don’t reuse passwords!
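To make the “check HaveIBeenPwned.com, don’t reuse passwords” advice concrete, here is an added example (not code from the original post or from HaveIBeenPwned) that models the site’s Pwned Passwords range check offline: only the first five hex characters of a password’s SHA-1 hash are sent to the service, and the matching suffixes come back, so the password itself never leaves your machine. The range data, the account list and the breach counts below are constructed for this example; `fake_fetch_range` stands in for the live `https://api.pwnedpasswords.com/range/<prefix>` request.

```python
"""Offline model of the HaveIBeenPwned Pwned Passwords k-anonymity check,
plus a small audit that flags passwords reused across accounts."""
import hashlib
from collections import defaultdict


def sha1_hex(password):
    """Upper-case hex SHA-1 of the password, as the range API expects."""
    return hashlib.sha1(password.encode("utf-8")).hexdigest().upper()


def split_for_range_query(password):
    """Return (5-char prefix that is sent, 35-char suffix that stays local)."""
    digest = sha1_hex(password)
    return digest[:5], digest[5:]


def parse_range_response(body):
    """Parse the 'SUFFIX:COUNT' lines returned for one prefix."""
    counts = {}
    for line in body.splitlines():
        line = line.strip()
        if not line:
            continue
        suffix, _, count = line.partition(":")
        counts[suffix.upper()] = int(count)
    return counts


def pwned_count(password, fetch_range):
    """How many times the password appears in known breaches (0 = not seen).
    fetch_range(prefix) must return the raw range body for that prefix."""
    prefix, suffix = split_for_range_query(password)
    return parse_range_response(fetch_range(prefix)).get(suffix, 0)


def audit_accounts(accounts, fetch_range):
    """accounts: list of (site, password). Reports passwords that are either
    reused across sites or present in breach data; plaintext is not returned."""
    sites_by_password = defaultdict(list)
    for site, password in accounts:
        sites_by_password[password].append(site)
    findings = []
    for password, sites in sites_by_password.items():
        seen = pwned_count(password, fetch_range)
        if seen or len(sites) > 1:
            findings.append({"sites": sorted(sites),
                             "reused": len(sites) > 1,
                             "pwned_count": seen})
    return findings


# Constructed range body for prefix 5BAA6 (the real SHA-1 of "password"
# starts with 5BAA6); the counts are made up for this example.
CONSTRUCTED_RANGES = {
    "5BAA6": ("003D68EB55068C33ACE09247EE4C639306B:12\n"
              "1E4C9B93F3F0682250B6CF8331B7EE68FD8:1234\n"),
}


def fake_fetch_range(prefix):
    """Stand-in for the HTTPS range request; unknown prefixes return nothing."""
    return CONSTRUCTED_RANGES.get(prefix, "")


if __name__ == "__main__":
    # Constructed account list: one reused, breached password and one unique one.
    sample = [("dropbox", "password"), ("linkedin", "password"),
              ("bank", "unique-passphrase-for-this-example-only")]
    for finding in audit_accounts(sample, fake_fetch_range):
        print(finding)
```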
With the hotly anticipated announcement of the next iPhone right around the corner, some parts of the technology media are once again navel-gazing about the world’s continuing love affair with Apple’s popular smartphone. It’s easy to see why so many are devoted consumers: the iPhone is a stellar example of a beautiful device that is highly functional. Long gone are the days when using high-tech tools was the sole domain of the unfashionably nerdy or productivity-obsessed workaholics, and there is no doubt who we have to thank for this change. But the eternal question is raised again: are we sacrificing function for form? Has the iPhone become the stiletto heels of mobile devices?
Has Woo gone off the deep end?
Before you get the pitchforks and torches out, let me be clear: I’ve got nothing against stiletto heels. They are only one example in a sea of thousands that illustrate the “form over function” ideal, but they make for a handy and familiar analogy. Over time, the iPhone has become thinner because, let’s face it, chunky phones just aren’t “sexy” in today’s world. This has led to some interesting trends including antenna-gate, bend-gate, Touch disease, and the telling statistic that up to 1 in 4 iPhones will suffer a cracked screen during their functional life, and that as many as 15% of all iPhone users are walking around with cracked screens rather than replacing them. What’s troubling is that an affordable, shatter-proof screen is readily available: use plastic instead of glass! But time and again, market research and testing show that people don’t want plastic because it feels cheap, and right now, iPhones (and smartphones in general) are still very much a status symbol. Not that other smartphones aren’t seeing a similar trend in flawed design, but Apple is an easy, high-profile target that continues to market on its aesthetics, and like a purebred pet with a predisposition to genetic health issues, the iPhone could be evolving into a fragile, unsustainable extreme. How many more “flaw”-gates will people suffer through before demanding a more functional, practical smartphone? I still see a lot of stiletto heels out there.
Last week, the majority of US Windows 10 users received a big update from Microsoft nicknamed the “Anniversary Update”, primarily because it was initially released on Aug 2, approximately one year after the official launch of Microsoft’s latest operating system. Amongst a host of improvements to core features like Edge and Cortana and presumably numerous bug fixes, the update also managed to render millions of webcams inoperable. Depending on what you use your computer (and webcam) for, and even what generation you hail from, the impact of this could range from non-existent to a complete showstopper. In the ongoing videochat fight, Apple and Google just scored a TKO without even stepping into the ring.
What this means for you:
Obviously if you don’t use Windows 10 and a webcam, feel free to point and laugh or shake your head in sympathy. What might make this very aggravating for the average Windows 10 user is that they may not even know their computer was updated last week. All they know is that their Skype or favorite videochat app is now locking up after a minute with no visible explanation. Even more exasperating is Microsoft’s new rollback policy for Windows 10. Previous versions of Windows allowed the user to uninstall any MS update applied to their system at any time. Now, with Windows 10, you have ten days to roll back your OS to a previous version; otherwise you are just out of luck. In the grand scheme of things, ten days is a very short time to figure out the root cause of an obscure problem like this, so you can imagine that many folks are discovering the root cause of this problem too late to easily solve it.
Though Microsoft has finally acknowledged the problem (WARNING: technical jargon galore!), a patch is unlikely to be released until September. Until that day arrives, the only fix is to roll back the Anniversary Update (if you catch it within 10 days) or manually edit your computer’s registry. Buying another webcam won’t necessarily fix this problem unless you know for a fact it can deliver video in a format known as YUY2, as Microsoft intentionally removed support for the more common MJPEG and H.264 codecs. According to them, these two older codecs have significant performance issues and support was removed to improve Windows 10. So now, instead of degrading performance, your webcam will have zero impact on your computer’s performance. Working as intended?